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Summary 

The  following  report  details  the  research  work  has  been  done  by  ASDL  in  developing  and 
applying  the  IRIS  concept  for  the  period  of  February  22  to  June  30,  2009.  The  main 
objective  of  the  work  for  this  period  is  to  further  develop  and  refine  the  integrated 
modeling  and  simulation  environment  in  order  to  investigate  the  behavior  of  complex 
naval  systems  for  improving  the  ship  design  and  operations.  Five  individual  tasks  were 
conducted  to  fulfill  this  objective.  Models  revised  based  on  the  notional  YP  were 
integrated  and  tested;  a  control  architecture  with  inference  engine  was  proposed  and 
evaluated  based  on  defined  scenarios;  comparison  of  plain  NN  models  and  NN  models 
with  the  block-structure  was  performed  for  evaluating  accuracy  of  the  surrogate  models; 
a  suitable  framework  and  a  database  engine  has  been  selected  to  facilitate  the  information 
management  for  developing  the  HMI  of  the  simulation  environment;  a  robust  and  a 
resilient  approaches  were  proposed  to  conduct  design  space  exploration  in  order  to  obtain 
an  ultimate  design  with  increased  survivability  and  mission  effectiveness.  The  rest  of  the 
report  will  explain  the  accomplishments  for  each  task  in  details. 

Task  1:  Integration  of  Heterogeneous  Systems 

In  order  to  represent  a  notional  YP  ship  in  a  computer  simulation  environment,  the 
models  of  sub-components  must  be  created  and  integrated  into  a  single  model  that 
represents  the  ship.  The  sub  models  used  were  created  by  several  members  of  the  GT 
IRIS  team.  They  comprise  of  a  power  model  for  the  representation  of  the  electric  system, 
a  fluid  model  that  represents  the  cooling  fluid  flow,  three  layers  of  controllers,  a  scenario 
script,  and  a  Human-Machine  Interface. 

The  power  model  is  modeled  in  Simulink.  It  is  set  up  modularly,  and  the  number  of  loads 
is  easily  changeable.  It  is  a  physics-based  model,  and  has  the  main  physical  components 
that  an  actual  power  model  would  include,  such  as  controllers,  busses,  service  loads,  etc. 
The  power  model  creates  the  thermal  loads  to  be  taken  care  of  by  the  fluid  flow  model. 
The  cooling  fluid  flow  is  modeled  in  Flowmaster  V7.  It  represents  the  cooling  flow 
network,  and  interacts  with  the  service  load  temperatures  from  the  power  model.  The 
fluid  model  also  has  a  damage  mode  modeled  in.  This  is  simply  represented  by  two 
valves  that  open  into  the  environment,  thus  simulating  a  pipe  rupture,  similar  to  what 
would  be  the  outcome  of  a  missile  hit  of  the  ship. 

The  opening  of  the  rupture  valves  is  controlled  by  the  scenario  script,  which  essentially 
determines  when  a  rupture  happens,  and  where.  Currently,  ruptures  are  only  implemented 
at  one  location  in  the  fluid  model,  but  more  will  be  modeled  in  a  next  effort. 

The  three  controllers  are  responsible  to  correctly  react  to  ruptures  within  the  fluid  flow 
model  and  distribute  the  cooling  fluid  to  the  service  loads.  The  controllers  detect  the 
rupture  location,  and  shut  down  valves  accordingly  such  that  the  rupture  within  the  flow 
network  is  isolated,  and  cooling  fluid  loss  is  prevented. 

The  sub  models  were  integrated  using  Phoenix  Integration  ModelCenter.  A  scheduler 
script  was  written,  which  takes  care  of  running  the  models  and  exchanging  the  necessary 


data  between  the  respeetive  models  over  the  time.  The  seript  also  allows  for  temperature 
unit  eonversions  between  some  models.  It  further  allows  for  arbitrarily  scheduled 
execution  of  sub  models,  a  feature  that  proved  to  be  necessary  for  correct  execution  and 
communication  between  the  low-level  and  mid-level  controllers.  Also,  models  ean  be 
exchanged  and  modified  more  easily  when  integrated  with  a  seript  instead  of  the 
ModelCenter  link  editor.  Lastly,  the  scheduler  allows  for  adaptive  time  steps,  a  feature 
that  will  be  implemented  onee  the  simulation  runs  eorreetly. 

A  makeshift  interface  for  data  output  and  visualization  was  included.  The  output  is  into 
an  Exeel  worksheet.  It  allows  for  free  choice  and  selection  of  variables  to  be  displayed  in 
standard  Exeel  graphs.  However,  data  is  only  stored  until  the  next  simulation  run.  More 
importantly,  the  interface  is  read-only,  which  means  that  the  simulation  cannot  be 
influenced  during  the  run,  the  Exeel  interface  only  helps  to  display  variables.  A  much 
more  sophisticated  database  driven  Human  Machine  Interface  (HMI)  is  currently  under 
development.  A  preliminary  version  has  been  shown  to  work  successfully  with  the 
simulation. 

Previous  investigations  into  general  methods  of  optimizing  simulation  execution  time  and 
accuracy  have  shown  that  an  adaptive  simulation  time  step  is  beneficiary  to  both  real 
world  execution  time  and  result  accuracy.  Related  publications  by  Nairouz  and  Hoepfer 
have  been  cited  previously.  The  approaches  used  for  these  publication  was  a  crude  rule  of 
thumb  algorithm,  with  no  further  evaluation  regarding  optimized  parameters  etc.  Hence, 
further  efforts  were  made  to  investigate  this  issue.  This  leads  to  the  more  general  question 
of  model  evaluation  and  optimization.  It  must  be  kept  in  mind  that  in  a  real  simulation, 
such  as  the  one  that  will  eventually  model  the  actual  YP  ship,  consists  of  dynamic  sub 
models  whose  properties  are  unknown.  Henee,  it  must  be  determined  whether  the  outputs 
from  the  integrated  co-simulation  actually  represent  the  real  world  system  output.  Time 
step  optimization  will  then  be  a  sub  problem  to  this  general  problem.  First  steps  have 
been  made  to  evaluate  which  approaches  seem  appropriate  to  determine  the  actual  system 
output.  Ideally,  the  applied  algorithm  would  determine,  from  the  current  simulation  step, 
the  next  simulation  step  and  the  system  states  at  that  point.  It  also  would  determine  an 
error  bound  within  which  it  is  assumed  that  the  function  accurately  represents  the  real 
world  system.  If  the  system  stays  within  this  error  bound,  it  is  deemed  to  be  accurate,  and 
a  next  time  step  ean  be  evaluated.  If  the  system  goes  beyond  the  error  bound,  then  it  is 
assumed  that  it  does  not  accurately  represent  the  real  world  system.  A  deviation  from  the 
error  bounds  might  also  indicate  an  external  shock  input  to  the  system.  In  either  ease, 
eorreetive  actions  must  be  determined  which  will  need  to  be  taken  in  order  to  get  the 
simulation  back  into  accurate  real  world  representation.  In  the  ease  of  error  deviation  due 
to  internal  model  behavior,  a  reduced  time  step  may  be  an  accurate  and  simple  solution. 
In  the  ease  of  external  shock,  such  as  sudden  system  alteration  due  to  ruptures  ete.,  the 
ease  is  different,  since  the  simulation  must  be  able  to  handle  such  instances,  and  re¬ 
configure  the  system  accordingly.  Henee,  the  eorreetive  action  necessary  will  need  to  be 
more  elaborate. 

For  simple  simulation  of  an  integrated  model,  mathematical  models  have  been 
investigated  that  might  help  to  determine  the  eorreetness  of  the  simulation  outputs.  These 
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methods  are  based  on  numerieal  methods  for  the  solution  of  differential  equations.  If  a 
differential  equation  is  to  be  solved  on  a  digital  eomputer,  it  may  not  be  able  to  solve  the 
equation  and  use  the  solution  to  determine  the  “path”  of  the  equation  variables.  Henee, 
numerieal  methods  are  used  to  solve  sueh  equations.  The  main  property  that  links  these 
methods  to  the  simulation  of  an  integrated  model  is  that,  for  both  eases  the  aetual 
equations  are  unknown  and  henee  need  to  be  approximated.  First  approaehes  and 
algorithms  have  been  identified,  and  are  eurrently  being  implemented  on  a  simple  test 
model.  Further  literature  review  showed  that  there  are  more  sophistieated  methods  for 
evaluation,  whieh  represent  predietor-eorreetor  methods.  These  methods  first  estimate  the 
next  time  step  point,  and  then  use  eorreetive  measures  to  determine  the  aeeuraey  of  the 
point.  Also,  some  methods  have  adaptive  time  steps  ineluded,  whieh  keep  the  simulation 
within  desired  error  bounds.  However,  these  methods  require  large  eomputational 
expenses,  and  an  investigation  may  be  necessary  to  determine  the  tradeoff  between 
aeeuraey  and  computation  time. 

Task  2:  Multi-Agent  Based  Mid-level  Control  with 
Dynamic  Inference  Engine 

Introduction 

Increasing  societal  demand  for  automation  has  led  to  considerable  efforts  for  controlling 
large-scale  complex  systems,  especially  in  the  area  of  autonomous  intelligent  control 
methods.  A  control  system  of  a  large-scale  complex  system  needs  to  satisfy  four  system 
level  requirements:  robustness,  flexibility,  reusability,  and  scalability.  Corresponding  to 
the  four  system  level  requirements,  there  arise  four  major  challenges  of  controlling  large- 
scale  complex  systems.  First,  it  is  difficult  to  get  accurate  and  complete  information. 
Second,  the  system  may  be  physically  highly  distributed.  Third,  the  system  evolves  very 
quickly.  Fourth,  emergent  global  behaviors  of  the  system  ean  be  caused  by  small 
disturbances  at  component  level.  To  deal  with  those  challenges.  Hybrid  Multi-Agent 
Based  Control  (HyMABC)  architecture  with  Multiple  Sectioned  Dynamic  Bayesian 
Networks  (MSDBNs)  inference  engine  have  been  proposed. 

Hybrid  Multi-Agent  Based  Control  (HyMABC)  Architecture 

HyMABC  architecture  combines  hierarchical  control  architecture  and  module  control 
architecture  together  to  form  a  hybrid  control  architecture.  First,  it  decomposes  a  complex 
system  hierarchically;  second,  it  combines  the  components  at  the  same  level  as  a  module 
and  then  designs  common  interfaces  for  all  of  the  components  in  the  same  module;  third, 
a  few  replications  are  made  for  critical  agents  and  are  organized  into  some  logical  rings. 
It  keeps  clear  guidelines  for  complexity  decomposition  and  also  reduces  communication 
complexity  of  the  distributed  control  system. 

For  an  important  control  agent  such  as  the  highest  level  agent  in  the  multi-agent  system, 
if  it  is  damaged  or  unavailable,  the  whole  system  will  lose  the  global  control  even  though 
the  subsystems  ean  work  according  to  their  available  information.  In  order  to  keep  the 
whole  system  working  and  prevent  a  failure  of  significant  control  agent  from  oeeuring,  a 
few  replications  are  created  and  arranged  in  a  robust  and  efficient  way  to  insure 
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automatic  reconfiguration  when  necessary.  Similar  to  the  idea  of  fault-tolerance  with 
replieated  main  eontainers  in  Java  Agent  DEveleopment  (JADE),  it  starts  with  many 
replications  of  a  significant  control  agent  as  needed.  The  replicated  agents  are  software 
based  and  modulated,  thus  it  is  easy  to  apply.  All  of  the  replications  arrange  themselves 
into  a  logical  ring.  Whenever  one  of  the  replications  fails,  the  others  will  notice  and  act 
accordingly  by  using  eross-notifieation.  Agents  connecting  to  the  failed  replication  will 
be  able  to  connect  to  some  other  replications  and  keep  all  of  the  information  as  the  same 
as  before  the  damage  happens. 

Multiple  Sectioned  Dynamic  Bayesian  Networks  (MSDBNs) 
Inference  Engine 

Multiple  Sectioned  Dynamic  Bayesian  Networks  (MSDBNs),  as  a  distributed,  dynamic, 
probabilistic  inference  engine,  can  be  embedded  into  the  control  architecture  to  handle 
uncertainties  of  general  large-scale  complex  systems.  MSDBNs  decomposes  a  large 
knowledge-based  system  into  many  agents.  Each  agent  holds  its  partial  perspective  of  a 
large  problem  domain  by  representing  its  knowledge  as  a  dynamic  Bayesian  network. 
Each  agent  accesses  local  evidence  from  its  corresponding  local  sensors  and 
communicates  with  other  agents  through  finite  message  passing.  If  the  distributed  agents 
can  be  organized  into  a  tree  structure,  which  satisfies  running  intersection  property  and  d- 
sep  set  requirements,  globally  consistent  inferences  are  achievable  in  a  distributed  way. 
By  using  different  frequencies  for  local  DBN  agent  belief  updating  and  global  system 
belief  updating,  it  balances  the  communication  cost  and  inference  global  consistency.  In 
this  research,  fully  factorized  Boyen-Koller  (BK)  approximation  algorithm  is  used  for 
local  DBN  agent  belief  updating,  and  static  Junction  Forest  Linkage  Tree  (JFLT) 
algorithm  is  used  for  global  system  belief  updating. 

Modeling  and  Simulation  Environment 

Multi-agent  based  control  model  with  distributed  multiple  sectioned  dynamic  Bayesian 
network  inference  engine  has  been  established  for  a  simplified  chilled  water  system.  This 
simplified  chilled  water  system  includes  one  ehiller-pump  plant  and  two  service  loads. 


Figure  1:  The  Entire  Test  Model  in  ModelCenter  Analysis  View 
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An  integration  environment  shown  in  Figure  1  has  been  developed  by  using 
ModelCenter®  of  Phoenix  Integration  to  test  the  proposed  methods.  The  integration 
model  ineludes  five  modules:  Seenario,  ABCtrl,  CWS,  TES  and 
SeenarioDefinementAndResultColleetion.  Seenario  module  transforms  the  seenarios 
defined  in  SeenarioDefmementAndResultColleetion  module  into  the  format  whieh  is 
eompatible  with  CWS  module  ereated  in  Flowmaster.  ABCtrl  ineludes  HyMABC  and 
MSDBN,  whieh  eonsist  of  dozens  of  eontrol  agents  and  three  Bayesian  network  agents. 
All  of  the  agents  are  established  in  JADE  whieh  is  eompletely  implemented  in  Java 
language,  while  CWS  simulates  fluid  network  whieh  balanees  energy,  pressure  and  mass 
flow  rate  of  fluid.  TES  is  a  thermoeleetrie  model  developed  in  MATLAB  Simulink  and  it 
also  ineludes  low  level  feedbaek  eontrollers.  SeenarioDefinementAndResultColleetion  is 
implemented  in  Exeel  worksheet.  It  defines  the  seenarios,  eolleets  the  simulated  results 
and  visualizes  the  results. 

Result  Analysis 

By  using  the  integrated  model,  three  seenarios  have  been  tested  and  analyzed. 

•  Scenario  1  (Nominal  Conditions): 

Assumptions:  all  of  the  eomponents  are  not  damaged;  every  flow  rate  point  in  the 
Bayesian  network  is  observable;  every  eomponent  open  degree  is  observable;  resouree 
eapaeity  is  0.8kg/see;  the  initial  temperatures  of  serviee  load  1  and  serviee  load  2  are  317 
Kelvin  and  400  Kelvin  respeetively.  For  the  nominal  ease,  the  eontrol  system  ean  make 
the  right  deeisions  and  distribute  the  resouree  to  different  serviee  loads  aeeordingly. 

•  Scenario  2: 

Assumptions:  all  of  the  flow  rates  listed  in  the  Bayesian  network  are  not  observable; 
every  eomponent  open  degree  is  observable;  resouree  eapaeity  is  0.8kg/see;  valve? 
beeomes  STUCKCLOSE  at  time  ?  =  440see  nth  iteration);  valvell  beeomes 
STUCKCLOSE  at  time  ^  ~  840  see  (the  21st  iteration);  resouree  eapaeity  is  0.8kg/see;  the 
initial  temperatures  of  serviee  load  1  and  serviee  load  2  are  317  Kelvin  and  400  Kelvin 
respeetively.  For  this  ease,  the  results  shows  that  without  any  flow  rate  observation  and 
only  with  eomponent  open  degree  observations,  the  inferenee  engine  ean  deteet 
eomponent  damages  quiek  enough  and  the  eontrol  system  ean  reeonfigure  the  whole 
system  by  switehing  from  damaged  eomponents  to  their  eorresponding  redundant  ones  to 
redistribute  system  resouree  aeeordingly. 

•  Scenario  3: 

Assumptions:  only  the  flow  rates  of  the  points  located  in  the  upstream  of  valves  in 
service  loads  and  listed  in  the  Bayesian  networks  are  observable;  valve  open  degrees  are 
observable  only  for  valvel,  valve2  and  valve?.  Pumps  and  chiller  operation  states  arc 
observable.  Valve  7  is  STUCKCLOSE  at  time  ?  =  440sec  Hth  iteration).  Valve  11 

is  STUCKCLOSE  at  time  ^  =  840sec  (^j^g  21  st  iteration);  resource  capacity  is  0.8kg/sec; 
the  initial  temperatures  of  serviee  load  1  and  service  load  2  are  450  Kelvin  and  400 
Kelvin  respectively.  For  this  case,  the  results  show  that  it  is  hard  to  detect  component 
state  changes  by  only  using  flow  rate  observations,  which  is  due  to  cyclic  characteristic 
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of  the  fluid  network.  Fortunately,  for  a  smart  valve,  its  open  degree  is  one  of  the  output 
signals. 


Task  3:  Surrogate  Modeling  of  Dynamic  Systems 

After  the  development  of  the  surrogate  model  with  a  bloek  struetured  NN  and  its 
sueeessful  implementation  to  simple  nonlinear  RLC  modeling  as  proof-of-eoneept,  the 
dynamie  surrogate  modeling  method  based  on  the  bloek  struetured  NN  is  eurrently  being 
used  for  ereating  eomponent  models  of  the  ehilled-water  model  of  the  notional  YP.  In 
this  report,  one  of  the  eomponent  models  was  ehosen  in  order  to  eonduet  a  performanee 
eomparison  between  the  surrogate  model  with  plain  single  hidden  layer  (SHL)  NN  and 
the  surrogate  model  with  the  bloek-struetured  NN.  The  model  is  shown  in  Figure  2  and 
its  speeifieation  is  listed  in  Table  1. 


p  =  Vol  flowrate 


Flow  control 
\iilve 

{OfT-  \'alve 
oi>eiiing  ratio) 


Figure  2:  Model  of  a  Heat  Exchanger  Unit 


Table  1:  Model  Specification 


Pipeline 

Heat  exchanger 

Valve 

Tot.  pipe  length:  12  ft 

Pipe  area:  0.197  in2 

Diameter:  0.5  in 

Diameter:  0.5  in 

Loss  coefficient:  1.5 

Hydraulic  diameter:  0.5  in 

In  Figure  2,  Q  is  volumetrie  flow  rate,  Ov  denotes  valve  opening  ratio,  and  AP  represents 
the  pressure  differenee  between  the  two  ends  of  the  system.  The  model  was  originally 
ereated  using  FlowMaster®  V7. 

Table  2  shows  the  differences  in  the  structural  configuration  of  the  two  NNs.  The  major 
difference  is  that  the  bloek-struetured  NN  has  two  hidden  layers  instead  of  one,  and  the 
neurons  at  the  first  layer  have  the  linear  aetivation  function.  The  number  of  nodes  at  the 
linear  layer  (i.e.,  the  first  layer)  should  be  the  same  as  the  dimension  of  the  system  state 
variables  (and  the  dimension  of  the  final  outputs  from  the  NN  in  this  formulation),  so 
only  one  node  was  assigned.  A  graphieal  representation  of  the  bloek-struetured  NN  will 
be,  as  a  result,  very  similar  to  that  shown  in  Figure  3,  in  whieh  a  “bottleneck”  structure 
ereated  by  the  linear  layer  is  elearly  found.  The  same  number  of  nodes  was  assigned  in 
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the  nonlinear  layers  of  both  NN  structures  so  that  the  two  NNs  have  at  least  the  same 
potential  capability  of  nonlinear  function  approximation. 

Table  2:  NN  Structure 


Plain  NN 

Block  structured  NN 

Net  structure: 

Double  hidden  layer 

Single  hidden  layer 

Layer  1 : 

Layer  2: 

Activation  functions: 

Input  variables: 
No.  of  hidden  nodes: 
Degree  of  freedom: 
Output  variables: 

Hyperbolic  tangent 

e(M),  AP(M),  aw 

10 

51 

m 

Linear 

e(M),AP(M) 

1 

45 

Q{t) 

Hyperbolic  tangent 
Oft) 

10 

Figure  3:  Block  Structured  NN 

The  comparison  was  done  in  a  following  way.  A  training  data  set  and  two  test  sets  were 
generated  from  original  computer  model,  with  arbitrary  changes  on  both  Ov  and  AP  over 
time.  For  each  NN  structure,  five  NN-based  surrogate  models  were  made  using  the  same 
training  set.  For  training  of  each  model,  500  epochs  and  1x10’®  MSE  were  set  as  the 
stopping  conditions,  and  the  training  process  stopped  when  any  of  the  two  conditions 
met.  As  performance  is  measured,  MSE  from  one  of  the  two  test  sets  was  measured  to 
evaluate  model  approximation  accuracy,  and  the  training  time  and  the  number  of  epochs 
are  used  to  assess  training  efficiency.  All  the  NN  implementation  was  made  in  Matlab®, 
and  Levenberg-Marquardt  method  was  chosen  as  the  training  algorithm.  The  results  are 
shown  in  Table  3  and  Table  4. 

Table  3:  Training  Result  of  Plain  NN 


Trial  No. 

1 

2 

3 

4 

5 

Average 

Best 

Training  set 
MSE: 

3.5609x10-^ 

8.8035x10-^ 

4.6208x10-^ 

3.4656x10-^ 

3.2052x10*^ 

4.7312x10*^ 

3.2052x10*" 
(No.  5) 

Test  set  MSE: 

3.0385x10-" 

3.1160x10-" 

2.6629x10-" 

2.9953x10-" 

2.8758x10*" 

2.9377x10*" 

2.6629x10^ 
(No.  3) 

Training  time 
(sec): 

104.8 

104,4 

104.4 

104.4 

104.4 

104.5 

104.4 

Epochs: 

500 

500 

500 

500 

500 

500 

500 

Training 
stopped  by: 

Max.  epochs 

Max.  epochs 

Max.  epochs 

Max.  epochs 

Max.  epochs 

7 


Table  4:  Traing  Result  of  Block-Structured  NN 


Trial  No. 

1 

2 

3 

4 

5 

Average 

Best 

Training  set 
MSE: 

2.7326x1  O’* 

1.7462x10-^ 

9.9629x10'^ 

9.9897x10'^ 

9.9347x10-’ 

1.4935x10^ 

9.9347x10’ 

(No.  5) 

Test  set  MSE: 

2.1417x10-' 

7.2219x10^ 

9.4172x10'^ 

9.0177x10-’ 

l.lSOOxlO"* 

2.8704x10*^ 

7.2219x10-’ 
(No.  2) 

Training  time 
(sec): 

37.2 

37.3 

15.9 

28.1 

6.2 

24.9 

6.2 

Epochs: 

500 

500 

212 

371 

80 

332.6 

80 

Training 
stopped  by: 

Max.  epochs 

Max.  epochs 

Error 

criterion 

Error 

criterion 

Error 

criterion 

Based  on  the  results  above,  it  indieates  that  the  NN  models  with  the  bloek-structure 
seems  to  outperform  the  plain  NN  models  in  both  training  efficiency  and  model  accuracy, 
except  that  the  average  values  of  the  test  set  MSE  almost  tie  though  the  best  test  set  MSE 
of  the  block-structured  NNs  was  about  3.7  times  better  than  that  of  the  plain  NNs. 

Thus,  in  order  to  further  observe  the  performance  in  model  accuracy,  another  test  set  was 
employed  for  simulation  using  the  models  from  the  two  different  structures.  To  have  a 
better  visualization  of  the  simulation  results,  only  the  NN  models  with  the  best  training 
set  MSE  and  the  best  test  set  MSE  were  picked  from  each  of  the  two  groups  to 
demonstrate  the  simulation  tests.  The  plots  of  the  simulation  results  arc  presented  in 
Figure  4  and  Figure  5. 


Figure  4:  Simulation  Result  of  Plain  NN  Models,  Using  another  Test  Set 
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Figure  5:  Simulation  Result  of  Block-Structured  NN  Models,  Using  another  Test  Set 

Unlike  the  previous  results  obtained  through  the  simple  RLC  circuit  model  case,  the  plain 
NN  models  provided  fairly  good  model  stability  and  simulation  accuracy,  which  may  be 
because  most  fluid-system  components  have  the  inherent  monotonic,  fist  order-like 
dynamics.  However,  as  shown  in  Figure  4,  the  model  also  had  strangely  high  errors  in  the 
period  from  about  1.2  seconds  to  3  seconds  of  the  simulation  time,  where  the  valve 
opening  ratio,  one  of  the  inputs  to  the  model,  was  relatively  low. 

On  the  other  hand,  the  NN  models  with  the  block-structure  delivered  very  good 
simulation  accuracy  over  the  entire  simulation  time,  as  can  be  seen  in  Figure  5.  However 
there  was  one  odd  aspect  in  the  result  of  the  block-structured  NN  models  too,  which  was 
the  high  overshoot  of  the  model  output  at  about  1 .7  second  of  the  simulation  time  where 
the  valve  was  suddenly  closed  completely.  With  a  few  more  manual  tests,  it  was  found 
that  such  a  high  pitch  error  could  disappear  or  become  negligible  if  the  valve  input  was 
changed  more  gradually  than  a  sudden  step-type  change  to  the  complete  closure. 
Expecting  such  an  unrealistic  step  input  is  not  applied  in  any  actual  simulation  run,  these 
models  may  be  still  valid  enough  to  use.  If  still  necessary,  corrections  can  be  made  easily 
by  many  ways,  one  of  which  is  just  including  a  rule  such  as  ‘0(0  =  0  if  Ov(t)  =  0’  that 
overwrites  the  result  from  the  models. 

Task  4:  Human  in  the  Loop  Control 

After  an  investigation  of  several  software  frameworks  a  suitable  framework  has  been 
selected  and  a  migration  plan  put  in  place.  Given  the  following  criteria  the  most 
appropriate  framework  is  a  product  from  Adobe  called  Flex.  The  product  is  a  mixture  of 
the  Adobe  Action  script  programming  language  and  a  markup  language  call  MXML. 
Flex  applications  can  be  complied  into  byte  code  compatible  with  the  popular  Flash 
Player. 
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•  Built  in  cross  platform  compatibility. 

•  More  advanced  support  for  visual  effects  as  an  enabler  of  visual  analytics. 

•  Additional  support  for  a  more  modular  software  design. 

•  Capable  of  fast,  responsive,  and  intricate  interfaces. 

In  addition  to  the  selection  of  the  software  framework,  a  database  engine  has  been 
selected  to  facilitate  the  information  management  of  the  IRIS  system  simulation  and 
design.  MySQL  has  shown  in  a  simple  proof  of  concept  that  it  is  more  than  capable  of 
handling  the  load  demands  of  the  simulation  environment.  It  is  simple  to  integrate  with  a 
variety  of  frameworks  and  platforms,  and  touts  the  strengths  of  the  structured  query 
language.  Currently  it  is  one  of  the  most  commonly  used  database  engines.  It  is  possible 
that  its  suitability  can  change  over  time  as  Oracle  has  recently  acquired  MySQL. 
PostgreSQL  has  been  selected  as  a  fall  back  option.  As  a  measure  to  ensure  compatibility 
with  both  choices,  feature  usage  has  been  carefully  selected  as  the  HMI  database  libraries 
are  being  written. 

Task  5:  A  Methodology  for  Improving  the  Mission 
Effectiveness  in  Complex  Systems  Design 

One  of  the  main  objectives  of  IRIS  is  to  deliver  a  conceptual  design  methodology  for 
more  survivable  and  mission  effective  ships.  There  can  be  different  underlying 
philosophies,  based  on  which  an  improved  design  solution  can  be  returned.  Traditional 
design  approaches  would  foeus  on  performance,  while  modem  approaches  will  seek  for 
more  robust  solutions,  either  through  enhancing  safety  or  adding  automation  or 
intelligence.  Beyond  the  development  of  methods  that  allow  for  the  discovery  of  such 
solutions,  studies  ean  also  be  proposed  to  investigate  the  tradeoff  of  cost  vs.  effectiveness 
across  solutions  representing  different  underlying  design  philosophies. 

Traditional  design  approaches  are  based  on  optimizing  naval  system  architecture  for 
performance,  based  on  a  very  limited  number  of  mission  scenarios.  However,  such  point 
solutions  will  only  yield  responses  that  maximize  survivability  mostly  for  scenarios 
similar  to  the  ones  that  have  been  used  for  performance  optimization. 

While  the  traditional  design  approach  is  conceptually  fairly  simple  and  straightforward,  it 
does  not  really  address  any  issues  regarding  the  uncertainty  around  naval  system  mission 
requirements,  environmental  condition  or  even  the  capability  of  the  system  to  perform  as 
designed  under  real  operations.  Moreover,  it  cannot  guarantee  that  a  feature  that  is  an 
absolute  best  for  a  particular  threat  and  operational  situation,  might  not  be  the  best 
against  the  range  of  threats  and  operational  situations  it  may  encounter.  A  robust  solution 
will  represent  a  system  that  in  theory  would  be  better  prepared  to  perform  multiple 
mission  acts  and  withstand  a  larger  spectrum  of  unexpected  events.  At  the  same  time, 
prescribed  design  performance  might  not  be  optimal,  in  order  to  compensate  for  the 
multi-mission  capability  (e.g.,  preferred  extra  weight  for  redundant  systems  over 
maneuverability). 
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It  is  quite  certain  that  robust  design  can  offer  system  designs  that  are  capable  of  surviving 
under  various  mission  tasks  and  hazardous  threat  environments.  However,  the  question  at 
this  point  is  how  exactly  the  multi-mission  capability  and  the  enhanced  survivability  are 
enabled.  Typical  survivability  enhancement  features,  such  as  component  redundancy, 
separation  and  shielding  are  immediate  techniques  that  can  be  properly  applied  to  the 
design  based  on  conceptual  sizing.  Real  time  simulations  of  systems  operations  can  be 
also  available  for  the  sizing  and  decision  making  on  selecting  system  architectures.  This 
is  still  a  form  of  robust  design,  yet  through  a  more  reactive  approach  to  how  hazards  and 
environmental  uncertainty  affect  system  effectiveness. 

A  new  philosophy  has  been  recently  emerging  and  seeks  to  address  the  aforementioned 
concerns.  Resilience  engineering  is  a  novel  and  relatively  recent  form  of  philosophy  on 
understanding  threats,  accident  and  damage  propagation,  as  well  as  how  a  system  should 
be  designed  to  conform  to  changes  that  occur  around  it,  for  the  purpose  of  withstanding 
adverse  effects  and  maintaining  its  mission  effectiveness.  In  other  words,  a  resilient 
system  can  adjust  its  functioning  prior  to  or  following  changes  and  disturbances  so  that  it 
can  go  on  working  even  after  a  major  mishap  or  in  the  presence  of  continuous  stress, 
mainly  by  being  able  to  be  proactive  on  safety. 

Resilience  engineering  can  offer  insight  and  research  directions  that  may  lead  to  answers 
regarding  the  design  of  more  safe  and  survivable  complex  systems.  According  to  the 
systemic  view  of  how  accidents  occur,  one  can  infer  that  a  resilient  response  by  the 
system  would  include  the  ability  to  efficiently  adjust  to  non-favorable  influences  rather 
than  to  resist  them.  Such  ability  could  be  embedded  as  collection  of  internal 
functionalities  and  be  the  basis  for  certain  active  features  for  susccptibility/vulncrability 
reduction  and  recoverability  increase.  Automation  and  networks  of  sensing  grids  and 
information  distribution  might  be  possible  enablers  for  enhanced  reconfigurability  and 
would  lead  to  the  essential  functionality  of  a  resilient  system. 

The  overall  problem  though,  relics  on  investigating  possible  methods  for  improving 
system  and  mission  effectiveness.  According  to  the  Defense  Appropriation  Act  of  2004, 
effectiveness  can  be  improved  by  including  survivability  in  the  design  process  as  a  key 
performance  parameter.  The  current  United  States  Navy  standard  is  primarily  determined 
by  the  Survivability  Design  Handbook  for  Surface  Ships  (OPNAV  P-86-4-99). 
According  to  this  procedure,  survivability  is  improved  by  focusing  on  vulnerability  and 
applying  standard  design  principles  such  as  subsystem  redundancy  or  separation.  Other 
common  tools  that  arc  employed  arc  the  deactivation  diagrams  that  are  similar  to  fault 
tree  diagrams  in  reliability  studies. 

The  fundamental  research  question  regarding  this  initiative  would  be  how  to  improve  the 
design  the  system,  so  that  system  effectiveness  through  survivability  is  maximized  for  a 
given  set  of  scenarios,  which  will  include  system  damage  and/or  restoration  events. 
Moreover,  it  can  extend  to  consider  how  the  philosophy  of  resilience  engineering  can 
translate  into  a  systems  engineering  method,  involving  various  aspects,  such  as  accident 
and  damage  modeling  or  system  functionality  and  possible  enablers,  in  order  to  fit  into 
the  bigger  picture  of  more  survivable  systems  in  a  highly  uncertain  mission  environment. 


Based  on  earlier  work,  it  is  assumed  that  there  has  been  a  clarification  of  how  a  robust 
solution  would  differ  from  the  resilient  solution.  Most  of  current  ship  design  methods  are 
based  on  traditional  design  methods,  yet  robustness  of  solution  is  ensured  through 
optimizing  the  architecture  for  multiple  scenarios.  However,  nothing  ensures  that  a  robust 
solution  is  obtained  with  the  use  of  a  systemic  accident  model  or,  or  that  no  significant 
excess  of  weight  has  been  added  due  to  the  highly  redundant  subsystem  components.  But, 
more  importantly,  it  is  quite  challenging  to  demonstrate  how  a  robust  architecture  can  be 
proactive  through  its  embedded  functionality,  to  be  also  recognized  as  a  resilient  system. 

Furthermore,  it  is  assumed  that  a  first  iteration  of  a  method  for  resilient  systems  design 
will  have  been  formulated.  The  main  focus  for  this  task  should  become  the  fine-tuning  of 
this  method  and  demonstrating  its  superiority  if  compared  to  the  robust  solution  for  the 
same  mission  scenario.  At  the  same  time,  it  is  expected  that  there  will  be  a  cost- 
effectiveness  tradeoff  that  could  be  investigated  through  the  assessment  of  safety  and 
survivability  improvements  against  any  performance  degradation  for  both  design 
approaches. 

Based  on  the  objectives  stated  earlier,  a  central  hypothesis  can  be  formulated  and  the 
proposed  subtasks  will  aim  towards  supporting  it.  The  hypothesis  states  the  following: 

A  more  resilient  system  demonstrates  improved  survivability  than  a  robust  system,  mainly 
by  incorporating  engineering  system  reconfigurability,  if  subject  to  the  same  intelligent 
or  natural  events  that  affect  system  operations. 

Improved  safety  and  survivability  come  at  some  expense  in  overall  system  performance, 
acquisition  and  maintenance  costs. 

Before  providing  the  outline  of  tasks  that  is  combined  should  support  this  hypothesis,  the 
following  implications  can  be  extracted: 

•  Robust  systems  can  be  survivable  mainly  through  reduced  vulnerability,  yet 
without  significant  potential  in  active  susceptibility  reduction  and  recoverability 
enhancement. 

•  Resilience  engineering  suggests  a  collection  of  modem  concepts  that  could 
potentially  improve  active  survivability,  mainly  through  the  development  of 
reconfigurable  systems. 

•  While  resilient  systems  are  expected  to  be  more  survivable  than  robust  systems 
under  the  same  threat  environment,  it  might  be  that  such  benefit  will  be  at  the  cost 
of  degraded  system  performance  and  higher  acquisition  and  maintenance  costs 

Optimize  two  system  architectures,  using  robust  and  resilient  systems  design  respectively 

With  this  subtask,  two  different  approaches  are  adopted  for  delivering  two  alternative 
optimized  solutions,  starting  from  the  same  baseline.  The  common  baseline  is  a  version 
of  a  Yard  Patrol  craft  (YP)  that  will  be  augmented  for  survivability  improvement  through 
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susceptibility,  vulnerability  and  recoverability  reduction.  A  general  template  of  the 
method  adopted  is  presented  with  Figure  2. 

The  robust  design  approach  will  mostly  foeus  on  vulnerability  reduction,  through  the 
usage  of  more  reactive  technologies  and  naval  architecting  enhancements.  Some  of  them 
are  involving  redundant  components,  strategic  placement,  sophisticated  zonal  design, 
lighter  materials  and  enhanced  shielding.  To  a  great  extent,  robust  design  is  traditional 
naval  architecting,  with  improved  systems  engineering  to  satisfy  more  stringent  safety 
requirements  and  decision  making  for  on  selecting  the  optimal  solution,  based  on  multi¬ 
mission  operations  simulation. 

The  resilient  design  approach  is  a  robust  solution  to  a  great  extent,  yet  it  requires  the 
system  to  be  more  proactive  for  withstanding  and  recovering  from  a  threat  and  its 
resulting  events.  There  ean  be  various  enablers  that  will  offer  this  capability  to  the 
system.  Reconfigurability  seems  to  be  the  most  feasible  alternative  for  making  a  system 
more  resilient.  This  ean  be  achieved  with  controllers  that  will  support  a  series  of 
automated  functions  for  sensing,  analyzing  and  selecting  an  appropriate  plan  for 
withstanding  and  neutralizing  the  effects  of  the  threat.  Moreover,  the  implementation  of  a 
systemic  accident  and  damage  propagation  model  through  real  time  modeling  and 
simulation  ean  be  instrumental  in  identifying  additional  modes  of  failure  and  damage  that 
ean  be  taken  into  account  in  the  survivability  assessment  and  improvement  of  the 
architecture. 

The  experimentation  and  design  framework  has  been  structured  to  support  design  space 
exploration,  systemic  damage  and  accident  modeling,  physics  based  simulation  for 
capturing  system  behavior  and  includes  “placeholders”  for  importing  different 
reconfiguration  strategies  through  intelligent  algorithms  and  selecting  the  most  suitable 
for  a  given  architecture. 


Figure  6:  General  template  of  robust  and  resilient  design  methods 
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As  a  baseline,  a  notional  naval  ship  design  is  required  to  be  the  starting  point  for  the 
implementation  of  the  method.  A  synthesis  and  sizing  tool  is  used  for  generating  the 
geometry  and  the  inner  systems  distribution.  Paramarine  is  the  software  that  has  been 
used  to  create  this  baseline.  It  would  require  a  certain  amount  of  information  for  the 
creation  of  a  ship  baseline,  such  as  ship  geometry,  engineering  subsystems,  aequisition 
and  operations  cost  breakdown,  mission  profiles,  threats  and  hazards  and  local 
environmental  eonditions. 

The  damage  prediction  module  is  responsible  for  analyzing  and  visualizing  the  damage 
propagation  throughout  the  partieular  arehiteeture.  Based  on  the  three  different  types  of 
accident  modeling,  this  module  is  more  of  a  combination  of  a  linear  damage  model  and 
systemic.  It  is  using  DOMINO,  a  tool  based  on  the  theory  of  deactivation  diagrams  for 
initial  damage  prediction,  based  on  the  given  single  points  of  failure  and  subsystem 
connectivity.  This  module  is  linked  to  an  M&S  environment  that  simulates  the  operations 
of  the  ship’s  engineering  plant,  including  the  power  generation  and  the  cooling  system 
with  their  corresponding  controllers.  In  other  words,  the  physics-based  simulation 
represents  the  systemic  model  of  failure  prediction  and  is  exchanging  information  with 
the  deactivation  diagrams  at  the  end  of  every  time  step.  Fire  due  to  overheat  and 
compartment  flooding,  are  both  expected  to  be  part  of  damage  modeling. 
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Figure  7:  Screenshots  of  the  ship  geometry  model  for  IRIS  capability  demonstration 

A  set  of  responses  at  different  operational  levels  have  been  defined  and  require  data  that 
will  be  provided  by  the  output  of  the  simulation.  Such  metrics  are  the  figures  of  merit  for 
the  particular  design  solution  representing  the  corresponding  architecture  and  will 
determine  its  performance  based  on  survivability  and  mission  effectiveness  criteria.  At 
the  subsystem  level,  subsystem  performance  measures  ean  be  obtained  (e.g.  voltage 
outputs,  coolant  mass  flow  rates).  Given  a  scenario  per  system  configuration,  system 
sensitivities  and  correlations  of  measures  of  performance  (MoP)  to  scenario  changes  ean 
be  identified.  Such  measures  are  mostly  conditional  probabilities  of  achieving  an 
outcome  response,  given  events  that  occurred  earlier,  as  defined  by  the  scenario  event 
tree  analysis.  By  identifying  the  direction  of  improvement  and  exploring  the  design 
space,  multiple  iterations  ean  be  performed  around  the  baseline  to  achieve  a  solution  that 
satisfies  the  original  design  requirements. 

Survivability  mission  effectiveness  assessment  is  the  next  task  that  will  enable  the  eost- 
effeetiveness  tradeoff  for  each  solution.  Despite  the  fact  that  some  steps  of  a  survivability 
assessment  process  have  been  already  utilized  for  improving  the  solution  at  the  design 
process,  the  objective  of  this  task  is  to  evaluate  the  complete  solution.  The  template  for 
the  evaluation  process  is  the  Total  Ship  survivability  Assessment  Method  (TSSA),  an 
overview  of  which  is  provided  at  the  Figure  8. 

It  should  be  expected  however,  that  while  the  resilient  solution  demonstrates 
improvement  in  terms  of  safety  and  survivability,  it  might  also  incur  increased 
development  and  maintenance  costs.  A  similar  ease  is  expected  for  the  robust  solution, 
yet  it  should  be  investigated  whether  the  extra  costs  for  moving  from  a  robust  to  a 
resilient  system  ean  justify  the  safety  improvements  and  at  what  levels  of  mission 
performance  degradation.  For  a  mission  with  given  outcomes,  the  integration  of  MoP  to 
MoEs  should  look  like  Figure  9. 
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Figure  8:  Total  Ship  Survivability  Assessment  Method  (TSSA) 
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Figure  9:  Probabilistic  distribution  of  scenario  outcomes  as  calculated  by  the  TSSA 

method 
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